<?php
/**
 * 
 * @author silenus
 *
 */
class m_privilege extends spModel {
	public $pk = 'privilege_id';
	public $table = 'privilege';
	/**
	 *
	 * @var m_department
	 */
	private $mod_department;
	/**
	 *
	 * @var m_employee
	 */
	private $mod_employee;
	
	/**
	 * 表中内部字段有: identity name deny allow order rule
	 */
	var $linker = array (
			// array (
			// 'type' => 'manytomany', // 多对多关联
			// 'map' => 'whohas', // 关联的标识
			// 'midclass' => 'farm_user2fruit', // 关联的中间表
			// 'mapkey' => 'fruitid', // 关联的字段
			// 'fclass' => 'farm_user', // 对应表的数据类
			// 'fkey' => 'uid', // 对应表的关联字段
			// 'enabled' => true
			// ),
			/**
			 * 一条权限规则对应若干资料, HasMany关系
			 */
			'data' => array (
					'type' => 'hasmany', // 一对多关联
					'map' => 'data', // 关联的标识
					'mapkey' => 'privilege_id',
					'fclass' => 'm_data',
					'fkey' => 'privilege_id',
					'enabled' => true 
			),
			/**
			 * 获取部门关联的具体权限
			 */
			'auth_dep' => array(
					'type' => 'hasmany',
					'map' => 'auth_dep',
					'mapkey' => 'privilege_id',
					'fclass' => 'mid_privilege_department',
					'fkey' => 'privilege_id',
					'enabled' => true
					),
			/**
			 * 获最用户关联具体权限
			 */
			'auth_emp' => array(
					'type' => 'hasmany',
					'map' => 'auth_emp',
					'mapkey' => 'privilege_id',
					'fclass' => 'mid_privilege_employee',
					'fkey' => 'privilege_id',
					'enabled' => true
					),
			/**
			 * 允许/禁止部门的相关权限, ManyToMany关系
			 */
			'department' => array (
					'type' => 'manytomany',
					'map' => 'department',
					'midclass' => 'mid_privilege_department',
					'mapkey' => 'privilege_id',
					'fclass' => 'm_department',
					'fkey' => 'department_id',
					'enabled' => true 
			),
			/**
			 * 允许/禁止职工的相关权限, ManyToMany关系
			 */
			'employee' => array (
					'type' => 'manytomany',
					'map' => 'employee',
					'midclass' => 'mid_privilege_employee',
					'mapkey' => 'privilege_id',
					'fclass' => 'm_employee',
					'fkey' => 'employee_id',
					'enabled' => true 
			) 
	);
	var $verifier = array (
			'rules' => array (
					'identity' => array (),
					'name' => array (),
					'deny' => array (),
					'allow' => array (),
					'order' => array (),
					'rule' => array () 
			) 
	);
	function get() {
	}
	
	/**
	 *
	 * @param int $identity
	 *        	权限码
	 * @param int $employee_id        	
	 */
	function checkAuth($auth_code, $employee_id) {
		
		// $ruleArray = $this->find ( array (
		// 'identity' => $auth_code
		// ), 'privilege_id',
		// 'employee_deny,employee_allow,department_deny,department_allow' );
		$privilege_id = spClass ( "m_privilege" )->find ( array (
				'auth_code' => $auth_code 
		) );
		$privilege_id = $privilege_id ['privilege_id'];
		// get employee auth
		$auth_employee = spClass ( "mid_privilege_employee" )->find ( array (
				'privilege_id' => $privilege_id,
				'employee_id' => $employee_id 
		), 'employee_id', 'allow' );
		// end get employee auth
		// get department auth
		$department_id = spClass ( "m_employee" )->spLinker ()->find ( array (
				'employee_id' => $employee_id 
		) );
		
		$department_id = $department_id ['department'] [0] ['department_id'];
		
		$auth_department = spClass ( "mid_privilege_department" )->find ( array (
				'privilege_id' => $privilege_id,
				'department_id' => $department_id 
		), 'department_id', 'allow' );
		// end get department auth
		
		if ('1' == $auth_employee ['allow']) {
			return true;
		} else if ('1' == $auth_department ['allow']) {
			return true;
		} else {
			return false;
		}
		
		// ORDER Must AS Following
		// TODO check whether in employee_deny , true return false
		// TODO check whether in employee_allow , true return true
		// TODO check whether in department_deny , true return false
		// TODO check whether in department_allow , true return true
	}
	function checkNodeAuth($node_id) {
		$this->mod_department->spLinker ()->find ( array (
				'department_id' => $node_id 
		) );
	}
	function modify_Auth() {
	}
	/**
	 *
	 * @param int $employee_id        	
	 * @param string $type
	 *        	两种形式,'deny'/'allow' deny 此职工禁止访问,allow 此职工允许访问
	 */
	private function _modify_employee_Auth($employee_id, $type) {
		// TODO STORE IN DATABASE BY Json
		// {employee_id:true,employee_id:false}
	}
	/**
	 *
	 * @param int $department_id        	
	 * @param string $type
	 *        	两种形式,'deny'/'allow' deny 此部门禁止访问,allow 此部门允许访问
	 */
	private function _modify_department_Auth($department_id, $type) {
		// TODO STORE IN DATABASE BY Json
		// Format {department_id:true,department_id:false}
		$this->replace ( $conditions, $row );
	}
}